Emotet is one of the most dangerous malware families on the internet, so it never hurts to refresh your memory on the new tricks it uses and on how to avoid falling prey to them.
Emotet Now Has New Tricks.
Emotet uses a variety of techniques to avoid detection and analysis. The loader is polymorphic: it is rebuilt each time it is downloaded, so signature-based detection rarely matches it.
Emotet has reappeared periodically after each hiatus, bringing new techniques to deceive security products and to trick users into clicking links or enabling malicious macro code in Microsoft Office attachments. The resumption of operations last week followed the same pattern.
In the past week, a wave of malicious spam messages arrived from known contacts, addressed the recipient by name and appeared to reply to existing email threads. This thread hijacking lends credibility to the malicious email and increases the likelihood that someone will open the attachment.
For example, one of the Word documents had a large amount of extra data appended to its end, pushing it over 500 MB. That is an unusual size for a document, but it lets the file escape security products that skip scanning files above a size limit. This binary stuffing or file pumping technique works by appending null bytes after the end of the document; the padding does not stop Word from opening the file.
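A simple way to check a suspect document for this kind of padding is to locate where the OOXML zip container logically ends (its end-of-central-directory record) and measure how much data follows it and how much of that is null bytes. The following Python script is an added example, not code from the original article or from any vendor product; the sample document it inspects is constructed in memory, and the thresholds (1 MiB of trailing data, 95% nulls) are assumptions chosen for illustration.

```python
"""Detect 'file pumping': an OOXML (zip-based) Office document padded with
trailing junk, usually null bytes, so that it exceeds scanner size limits.

Added example; thresholds and the sample document are constructed here."""
import io
import struct
import zipfile
from typing import Optional

# Signature of the zip end-of-central-directory (EOCD) record.
EOCD_SIG = b"PK\x05\x06"


def zip_logical_end(data: bytes) -> Optional[int]:
    """Offset one past the EOCD record (where the zip container really ends),
    or None if the data contains no EOCD at all."""
    # Search the whole buffer, not just the last 64 KiB: pumped files can
    # push the EOCD hundreds of megabytes away from the end of the file.
    idx = data.rfind(EOCD_SIG)
    if idx == -1 or idx + 22 > len(data):
        return None
    comment_len = struct.unpack_from("<H", data, idx + 20)[0]
    return idx + 22 + comment_len


def analyze(data: bytes, min_trailing: int = 1 << 20,
            null_ratio: float = 0.95) -> dict:
    """Report trailing data after the zip container and flag it if it is
    large and mostly nulls (assumed thresholds: 1 MiB and 95%)."""
    end = zip_logical_end(data)
    if end is None:
        return {"is_zip": False, "trailing_bytes": 0,
                "null_fraction": 0.0, "suspicious": False}
    trailing = data[end:]
    nulls = trailing.count(b"\x00")
    frac = nulls / len(trailing) if trailing else 0.0
    return {"is_zip": True, "trailing_bytes": len(trailing),
            "null_fraction": frac,
            "suspicious": len(trailing) >= min_trailing and frac >= null_ratio}


def strip_padding(data: bytes) -> bytes:
    """Return the document without anything appended after the EOCD record,
    so a size-limited scanner can inspect the real content."""
    end = zip_logical_end(data)
    return data if end is None else data[:end]


def opens_as_zip(data: bytes) -> bool:
    """True if Python's zipfile, which only looks 64 KiB back for the EOCD,
    accepts the data. Shows how naive parsers lose the pumped file."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)):
            return True
    except zipfile.BadZipFile:
        return False


def make_sample_docx() -> bytes:
    """Constructed stand-in for a minimal .docx: a zip with two XML parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def pump(data: bytes, size: int) -> bytes:
    """Apply the file-pumping trick: append `size` null bytes."""
    return data + b"\x00" * size


if __name__ == "__main__":
    clean = make_sample_docx()
    pumped = pump(clean, 2 * 1024 * 1024)   # 2 MiB of padding for the demo
    for name, doc in (("clean", clean), ("pumped", pumped)):
        r = analyze(doc)
        print(f"{name}: size={len(doc)} trailing={r['trailing_bytes']} "
              f"nulls={r['null_fraction']:.2f} suspicious={r['suspicious']}")
    print("stripped copy opens as zip:", opens_as_zip(strip_padding(pumped)))
```

The `opens_as_zip` check illustrates the failure mode: a parser that only looks a fixed distance back from the end of the file for the zip trailer, as Python's `zipfile` does, refuses the pumped file outright, while `strip_padding` recovers a document that parses normally and is small enough for a size-limited scanner. In production you would apply the same check before handing the file to a scanner, or simply treat any Office document with megabytes of trailing nulls as suspicious.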
When the Word document is opened, it displays a graphic claiming that the content cannot be viewed unless the user clicks the “Enable Content” button. Clicking “Enable Content” overrides the default macro block and lets the macro run. The macro instructs Office to download a .zip file from a legitimate but compromised website, extracts the archive and executes the Emotet DLL inside it.
Emotet Background
Emotet is a Trojan spread mainly through spam emails (malspam). Malicious scripts, macro-enabled document files and malicious links can all deliver the infection.
Emotet emails may carry the logos and branding of well-known companies so that they look legitimate. They use enticing language about shipments from well-known courier companies to persuade users to click on links labelled “my invoice” or similar, or to open malicious attachments.
Emotet has gone through several iterations. Early versions arrived as malicious JavaScript files. Later versions used macro-enabled documents to retrieve the payload from the attackers’ command-and-control servers. The techniques described here are the newest, and they will undoubtedly not be the last.